Why does test Steeltoe.Common.Security.Test.ConfigurationExtensionsTest::ConfigurationExtensionsTest fail when using Sandbox

[ccheetham]

Prior to Sandbox, the test arrangement was:

var filename = "fakeCertificate.p12";
await File.WriteAllTextAsync(filename, "cert1");

When the test arrangement is rewritten to use a Sandbox. it fails:

using var sandbox = new Sandbox();
var filename = sandbox.CreateFile("fakeCertificate.p12", "cert1");

It seems the test should succeed with either arrangement. A notable difference in the arrangements is that the prior arrangment filename is a relative path, whereas the Sandbox arrangement filename is an absolute path.

[ccheetham]

The issue stems from the FileProvider's Root dir used to watch for file changes.

The impl Steeltoe.Common.Security.PemCertificateSource::Build looks like:

public override IConfigurationProvider Build(IConfigurationBuilder builder)
{
    EnsureDefaults(builder);
    return new FileProvider(this);
}

EndureDefaults(builder) initializes the PemCerticateSource's FileProvider with the concrete implementation PhysicalFilesWatcher whose Root is set to the directory in which the test is running when it should instead be the directory containing the PEM file.

The original test passes because the test PEM is written relative to the test run dir so the file change is detected. The new test fails because the test PEM is written outside of the run dir.

[bart-vmware]

Related issue: #1314.

[TimHess]

#1306 re-worked CertificateOptions to consistently bind certificates at the IOptions layer rather than doing anything other than path management in IConfiguration and this is no longer an issue (all related tests are using Sandbox now)